On a typical Linux distro, what information do WiFi access points get when you search for and use another AP?
from comfy@lemmy.ml to privacy@lemmy.ml on 29 Apr 02:32
https://lemmy.ml/post/46578117

Let’s say, I sit down in a mall, open my laptop and connect to a secured mobile hotspot. Then I do it again next week after a reboot. What information would a nearby shop or a passive malicious hacker be able to find about my device? Does my device send out identifying information before joining, like a MAC address? Is this persistent, or randomized?

I intentionally haven’t specified a distro, so if something only applies to some network managers, give some details.

Bonus points: what about Android phones?

#privacy

Maiq@piefed.social on 29 Apr 03:16

If you and the attacker share the same network the attacker can get all sorts of info.

Tools like nmap show things like IP, MAC, ports and OS detection.

You can use macchanger to randomize your MAC. I think there is a setting in NetworkManager to do this. Been a while since I looked in the settings.

cyberpunk007@lemmy.ca on 29 Apr 03:48

To add to this, I’d be more worried about traffic collection. DNS requests (if your browser isn’t using dnssec then you may not be aware), IPs visited, and other stuff.

thumdinger@lemmy.world on 30 Apr 10:43

I might be wrong on this or might be missing your point, but I thought dnssec was for validating integrity of the request, not to encrypt it like DoT or DoH.

cyberpunk007@lemmy.ca on 30 Apr 11:54

Sorry my bad, you are correct and I meant DoT or DoH.

WhyJiffie@sh.itjust.works on 30 Apr 22:03

not only the browser, other programs and system services too

Scipitie@lemmy.dbzer0.com on 29 Apr 04:54

(edit: all of below stuff is only for not being on the same network. After that it gets … messy)

Oh boy! First: Thank you - I thought to briefly validate my knowledge and understanding before answering and went down a rabbit hole :D this is my current grasp, happy to be corrected!

First: Most is actually not only distro agnostic but also OS agnostic:

Most modern WiFi devices, when you tell them to “connect to WiFi”, radiate, literally, what they can do and what kind of connection they want. E.g. I’m a WiFi device with WPA3 capabilities and this is my MAC address to answer me.

OS specific is the question if your MAC address gets scrambled or not. Both iwd and NetworkManager, which both support it, have it turned off by default. There is a big advantage to being able to be recognizable on friendly networks after all.

Now comes the part I wasn’t aware of:

Even your hostname is often still broadcast publicly! This happens during the DHCP handshake - and many devices don’t support apparently existing standards to address this gap. It’s all about securing the first frames where devices align on communication standards, encryption way, etc. This seems to still be quite public.

Android was easier (and iOS seems to be the same but I didn’t bother with that more): Same as Linux but more aggressive by default: MAC scrambling all the time while searching for networks, DHCP uses obscure strings as hostnames, etc.

Fun fact: even those have stable MAC addresses once connected. Again, getting the same DHCP lease and being able to be whitelisted or recognized by the network seems to have more upsides than I was aware of.

LytiaNP@lemmy.today on 29 Apr 07:16

On iOS and most Androids, your MAC address is only scrambled per network. So when you connect to the same network again, your device will use the same MAC address. This generally isn’t an issue if you’re using a private wifi network, or any network where the password isn’t public, but for public wifi it makes it much easier to identify you.

ms_lane@lemmy.world on 29 Apr 09:06

And track you, Cisco has had the ability to track MAC addresses over their APs on a map for 2 decades now.

Also track you over multiple networks - most only care about the SSID - so if you’ve ever connected to “eduroam” you can be tracked across multiple campuses.

hard_zero1@discuss.tchncs.de on 29 Apr 10:04

Specifically for eduroam, I assume you can be tracked anyways, since you have to authenticate with your personal credentials, right?

Scipitie@lemmy.dbzer0.com on 29 Apr 10:43

Thanks for the addition! Edited to make it more clear: that part also referred only to the time before you’ve connected.

ghodawalaaman@programming.dev on 29 Apr 07:04

If you are using Fedora they randomize your MAC address.

RodgeGrabTheCat@sh.itjust.works on 29 Apr 08:30

I have no idea about Linux but on GrapheneOS the MAC address is randomized with each connection. The phone appears to be a different device each time.
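An added example, not part of any comment in this thread: a check you can run over your own connection history to see which of the MAC behaviours described above (hardware address, per-network, per-connection) your device actually shows. The SSIDs and MAC addresses are constructed sample values; the function names are hypothetical.

```python
from collections import defaultdict

def is_locally_administered(mac: str) -> bool:
    """True when bit 0x02 of the first octet is set, the marker of a
    software-assigned (e.g. randomized) rather than vendor-assigned MAC."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def classify_policy(observations):
    """observations: (ssid, mac) pairs, one per connection you made.
    Returns the MAC behaviour those connections are consistent with."""
    by_ssid = defaultdict(list)
    for ssid, mac in observations:
        by_ssid[ssid].append(mac.lower())
    macs = [m for seen in by_ssid.values() for m in seen]
    # Any vendor-assigned address means the real hardware MAC was exposed.
    if not all(is_locally_administered(m) for m in macs):
        return "hardware"
    # Only networks joined more than once can tell the two policies apart.
    repeats = [seen for seen in by_ssid.values() if len(seen) > 1]
    if not repeats:
        return "undetermined"
    if any(len(set(seen)) > 1 for seen in repeats):
        return "per-connection"   # new address on every join
    return "per-network"          # same address whenever the SSID is rejoined

# Constructed sample histories (not captured data).
NO_RANDOMIZATION = [("MallGuest", "00:00:5e:00:53:01"),
                    ("HomeNet",   "00:00:5e:00:53:01")]
PER_NETWORK      = [("MallGuest", "da:a1:19:3c:55:01"),
                    ("HomeNet",   "7e:10:22:ab:cd:ef"),
                    ("MallGuest", "da:a1:19:3c:55:01")]
PER_CONNECTION   = [("MallGuest", "da:a1:19:3c:55:01"),
                    ("MallGuest", "52:0f:9e:77:10:aa")]

if __name__ == "__main__":
    for name, history in [("no randomization", NO_RANDOMIZATION),
                          ("per network", PER_NETWORK),
                          ("per connection", PER_CONNECTION)]:
        print(name, "->", classify_policy(history))
```
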

bob_lemon@feddit.org on 29 Apr 11:48

I hope there’s a whitelist of SSIDs for this. I wouldn’t want my home router to register a new device each time I come back home

ApertureUA@lemmy.today on 29 Apr 12:07

It’s a native Android feature since ~9 IIRC. Well, if the ROM maintainer didn’t decide to disable it for whatever reason :(

You can toggle it off for specific networks.

kwarg@mander.xyz on 29 Apr 12:03

Is this why my GOS phone does not connect back to my home wifi every time I leave and come back?

RodgeGrabTheCat@sh.itjust.works on 29 Apr 14:26

Mine connects if I don’t turn off WiFi in the phone settings. Not sure why yours isn’t.

kwarg@mander.xyz on 29 Apr 22:58

probably bc I’m stupid and didn’t realize I have set it to turn wifi off automatically if it stays disconnected from any router for 10 min

RodgeGrabTheCat@sh.itjust.works on 29 Apr 23:35

Forgetting something doesn’t make you stupid.

kwarg@mander.xyz on 30 Apr 08:24

very kind of you, thank you :)

unitedwithme@lemmy.today on 29 Apr 12:43

This is actually an Android feature. iOS, too. It’ll give a random MAC or device MAC depending on what you want.

My MDM at work for Android-based handhelds I’ve configured to device MAC so I can geofence devices and keep track of them. If an employee connects to the employee network (which has to be configured by IT) we set it up with device only MAC so we can add that device to the allowed list. Apple warns “it enables tracking” but if they ask I tell them in public it might be configured that way but we don’t care nor monitor that closely. If someone shares out the WiFi password by digging through settings, it wouldn’t matter as it’s not allowed.

Anyway, just thought I’d share that both mainstream OSes have done this for a few years now.

ApertureUA@lemmy.today on 29 Apr 12:06

Most compromised routers scrape the hostname (both regular and mDNS) and MAC address. What you do is disable mDNS related daemons like kdeconnect and avahi (until you want them) and put this in /etc/NetworkManager/NetworkManager.conf:

[main]
hostname-mode=none

[device]
wifi.scan-rand-mac-address=yes

[connection]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
connection.mdns=0
connection.llmnr=0

(yes, the mdns bit above is a bit redundant, but systemd has something related that might read it and better be safe than sorry)

This won’t protect you if the router is a bit smarter and can see your NTP server (usually like “x.archlinux.pool.ntp.org” instead of just “x.pool.ntp.org”), your connectivity check (same as NTP) and other servers your machine connects to (like Tor nodes if you have the daemon running and oftc.net if you have an IRC client). The good news is that none are known to check that (at least to me).
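An added example, not part of the comment above: a small audit that parses NetworkManager.conf text and reports which of the six settings listed in that comment are present, missing, or set to a different value. The function name and the second sample config are constructed for illustration.

```python
import configparser

# The settings listed in the comment: (section, key, accepted values).
WANTED = [
    ("main", "hostname-mode", {"none"}),
    ("device", "wifi.scan-rand-mac-address", {"yes", "true", "1"}),
    ("connection", "ethernet.cloned-mac-address", {"random"}),
    ("connection", "wifi.cloned-mac-address", {"random"}),
    ("connection", "connection.mdns", {"0"}),
    ("connection", "connection.llmnr", {"0"}),
]

def audit(conf_text):
    """Return {"section/key": "ok" | "missing" | "differs: <value>"}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    report = {}
    for section, key, accepted in WANTED:
        # Named sections such as [connection-wifi] are checked as well.
        found = [cp[s][key].strip().lower() for s in cp.sections()
                 if (s == section or s.startswith(section + "-")) and key in cp[s]]
        bad = [v for v in found if v not in accepted]
        if not found:
            status = "missing"
        elif bad:
            status = "differs: " + bad[0]
        else:
            status = "ok"
        report[f"{section}/{key}"] = status
    return report

# The configuration exactly as posted in the comment.
PAGE_CONFIG = """
[main]
hostname-mode=none
[device]
wifi.scan-rand-mac-address=yes
[connection]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random
connection.mdns=0
connection.llmnr=0
"""

# Constructed counter-example: hardware MAC on WiFi, scan randomization off.
PARTIAL_CONFIG = """
[main]
hostname-mode=none
[device]
wifi.scan-rand-mac-address=no
[connection]
wifi.cloned-mac-address=permanent
connection.llmnr=0
"""

if __name__ == "__main__":
    for item, status in audit(PARTIAL_CONFIG).items():
        print(f"{item}: {status}")
```

The audit only sees the text passed to it; drop-in files under /etc/NetworkManager/conf.d and values set in an individual connection profile are not considered.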